Hi , Everyone
I’am stuck at the question 3 to connect to DC01 with Leonvqz since 3 days.
I can connect or execute since SRV02 ( in evil-winrm or in RDP with WinRM with Rubeus with Leonvqz Hash) but il cannot execute any command with Leonvqz due to double-hop i can only use Invoke-Command with :
PS C:\Tools> $username = "INLANEFREIGHT\Helen"
PS C:\Tools> $password = "RedRiot88"
PS C:\Tools> $securePassword = ConvertTo-SecureString $password -AsPlainText -Force
PS C:\Tools> $credential = New-Object System.Management.Automation.PSCredential ($username, $securePassword)
PS C:\Tools> Invoke-Command -ComputerName DC01 -Credential $credential -ScriptBlock { whoami; hostname }
Il also run this command in SRV02 :
Set-Item WSMan:localhost\client\trustedhosts -value * -Force
I’am connecting to SRV02 with evil-winrm with Hash of Leonvqz and also on RDP with Rubeus.exe for create TGT session but with the double hop in Winrm il cant use PSSession and i dont have credentials of Leonvqz.
I understand connexion for DC01 since SRV02 but I’am stuck , if someone can help
thank you very much